[cisco-voip] Expressway blues
Carlos G Mendioroz
tron at huapi.ba.ar
Sun Feb 19 08:12:18 EST 2017
FYI, the problem was mainly certs related.
(8.9 also adds a need for PTRs in the inside at least for the Edge node)
Replacing the certs made it work. That was not a straight process (using
my own OpenSSL generated certs) because Expressway would reject certs
that had extensions in a different order than expected.
Or that had options (like type) not expected.
Thanks to all that replied,
-Carlos
Heim, Dennis @ 17/02/2017 22:13 -0300 dixit:
> Do your Expressway-E certs have the voice services domain in them as a SAN?
>
>
>
> *Dennis Heim | Emerging Technology Architect (Collaboration)*
>
> World Wide Technology, Inc. | +1 314-212-1814
>
> *From:*cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Ryan Huff
> *Sent:* Friday, February 17, 2017 8:07 PM
> *To:* Carlos G Mendioroz <tron at huapi.ba.ar>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Expressway blues
>
> Start with the basic configuration guide for Expressway
> 8.9: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-9.pdf
>
> Here is the Expressway 8.9 MRA configuration
> guide: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf
>
> Here are all the Expressway guides, but the two above seem most relevant
> to what you're trying to accomplish.
>
> http://www.cisco.com/c/en/us/support/unified-communications/expressway-series/products-installation-and-configuration-guides-list.html
>
> Thanks,
>
> Ryan
>
> On Feb 17, 2017, at 7:25 PM, Carlos G Mendioroz <tron at huapi.ba.ar
> <mailto:tron at huapi.ba.ar>> wrote:
>
> I do have advance networking, but have been unable to find a definitive
> guide to have it configured in any way.
> If you have a pointer to a doc for tshooting, or architecture, or ...
> I'd really appreciate it.
> Thanks!
>
> Ryan Huff @ 17/02/2017 21:00 -0300 dixit:
>
> Expressway servers on a stick are not fun.
>
> You should note, that using dual interfaces on the expressway E
> server is the recommended solution.
>
> Is there a reason you have to use the single interface?
> Troubleshooting is much easier and firewall requirements are a
> little more straightforward with dual interfaces.
>
> If you add the advanced networking license option onto the
> expressway E server and reboot, you'll have the ability to use
> dual interface (if you don't already have that option).
>
> Thanks,
>
> Ryan
>
> On Feb 17, 2017, at 6:50 PM, Carlos G Mendioroz
> <tron at huapi.ba.ar <mailto:tron at huapi.ba.ar>> wrote:
>
> Single interface.
> On a public IP BTW.
>
> Ryan Huff @ 17/02/2017 20:48 -0300 dixit:
>
> How is your expressway E server configured? Single
> interface or dual interfaces?
>
> Sent from my iPhone
>
> On Feb 17, 2017, at 6:40 PM, Carlos G Mendioroz via
> cisco-voip <cisco-voip at puck.nether.net
> <mailto:cisco-voip at puck.nether.net>> wrote:
>
> Hi,
> I'm trying to get a pair of Expressway to work with, at least, Jabber
> for windows.
>
> After a couple of days w/o success with 8.5.3, I reinstalled with 8.9.1.
> Certs are from StartSSL, C/E pair config seems fine (Traversal zone ok,
> ssh tunnel active). Internal CM/CUPS/CUC with no TLS verify (using default
> Self Signed Certs).
>
> SRVs are in place, but no joy. The Jabber client (10.6) connects fine
> internally, but when trying to access from the outside, it fails with
> server connection failure.
>
> Tried with SSO disabled on the Expressways, also with it set to On.
> (Only one CM/CUPS/CUC server inside, no SSO there, 10.5.2)
>
> Help ?
>
--
Carlos G Mendioroz <tron at huapi.ba.ar> LW7 EQI Argentina